Lucene search

K

Ubuntu.comUB:CVE-2015-3874

HistoryOct 06, 2015 - 12:00 a.m.

CVE-2015-3874

2015-10-0600:00:00

ubuntu.com

ubuntu.com

10

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

50.7%

The Sonivox components in Android before 5.1.1 LMY48T allow remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption) via a crafted media file, aka internal bugs 23335715, 23307276,
and 23286323.

Notes

Author	Note
jdstrand	as with previous stagefright issues, this issue affects Ubuntu’s android packages, but not in a way that is exposed to apps. See CVE-2015-1538 for details

References

android.googlesource.com/platform/external/sonivox/+/5d2e7de37d4a28cf25cc5d0c64b3a29c1824dc0a%5E!/#F0

android.googlesource.com/platform/external/sonivox/+/8a9f53ee2c661e8b5b94d6e9fbb8af3baa34310d%5E!/#F0

android.googlesource.com/platform/external/sonivox/+/8cbef48ba6e3d3f844b895f8ca1a1aee74414fff%5E!/#F0

android.googlesource.com/platform/external/sonivox/+/f333a822c38c3d92f40e8f1686348e6a62c291%5E!/#F0

groups.google.com/forum/#!topic/android-security-updates/iv1BF0f0XY4

launchpad.net/bugs/cve/CVE-2015-3874

nvd.nist.gov/vuln/detail/CVE-2015-3874

security-tracker.debian.org/tracker/CVE-2015-3874

www.cve.org/CVERecord?id=CVE-2015-3874

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

50.7%

Related for UB:CVE-2015-3874

android3 seebug1 zdt1 prion4 exploitpack1 packetstorm1 cve4 threatpost1 exploitdb1 ubuntucve70 thn2 githubexploit1 checkpoint_advisories1 huawei1 cert1 androidsecurity2